Log analysis and evaluation: Interpol virus - computer is locked

Windows 7

If you have caught a trojan or keep getting virus warnings, you can post the logs of our diagnostic tools here for evaluation by our experts. To be able to remove viruses and trojans, the infected system must first be examined: First steps for help. Note that an infected system is not trustworthy and should not be used until the malware has been completely removed.
#1

Interpol virus - computer is locked

Hello everyone! I have the same problem as Mauli. Suddenly the Interpol window appeared and could no longer be closed; it is supposed to disappear only once I transfer a pile of money. I have already done the first steps as described in his post, i.e. the system scan and also frst.exe, but what next? Thanks in advance for the help!

Regards, yilli

Here is my frst.exe:

FRST Logfile:
```
Scan result of Farbar Recovery Scan Tool (FRST.txt) (x64) Version: 15-01-2014 03
Ran by SYSTEM on MININT-A89QQ05 on 17-01-2014 14:42:57
Running from F:\
Windows 7 Home Premium Service Pack 1 (X64) OS Language: German Standard
Internet Explorer Version 11
Boot Mode: Recovery

The current controlset is ControlSet001
ATTENTION!:=====> If the system is bootable FRST could be run from normal or Safe mode to create a complete log.

==================== Registry (Whitelisted) ==================

HKLM\...\Run: [RTHDVCPL] - C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13307496 2011-10-17] (Realtek Semiconductor)
HKLM\...\Run: [Kernel and Hardware Abstraction Layer] - C:\Windows\KHALMNPR.EXE [130576 2009-06-17] (Logitech, Inc.)
HKLM-x32\...\Run: [IAStorIcon] - C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [284480 2012-05-30] (Intel Corporation)
HKLM-x32\...\Run: [USB3MON] - C:\Program Files (x86)\Intel\Intel(R) USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291608 2012-02-26] (Intel Corporation)
HKLM-x32\...\Run: [AVMWlanClient] - C:\Program Files (x86)\avmwlanstick\wlangui.exe [2105344 2010-10-22] (AVM Berlin)
HKLM-x32\...\Run: [avgnt] - C:\Program Files (x86)\Avira\AntiVir Desktop\avgnt.exe [684600 2013-12-18] (Avira Operations GmbH & Co. KG)
HKLM-x32\...\Run: [Adobe ARM] - C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [959904 2013-11-21] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [SweetIM] - C:\Program Files (x86)\SweetIM\Messenger\SweetIM.exe [115032 2012-10-04] (SweetIM Technologies Ltd.)
HKLM-x32\...\Run: [BlueStacks Agent] - C:\Program Files (x86)\BlueStacks\HD-Agent.exe [601928 2013-06-10] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [QuickTime Task] - C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2012-10-25] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] - C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [254336 2013-07-02] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\Reinicke\...\Run: [Steam] - C:\Spiele\Steam\Steam.exe [1815464 2014-01-07] (Valve Corporation)
AppInit_DLLs: C:\Windows\system32\nvinitx.dll [245872 2013-02-25] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll [201576 2013-02-25] (NVIDIA Corporation)
Startup: C:\Users\Reinicke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Reinicke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\CurseClientStartup.ccip ()
Startup: C:\Users\Reinicke\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\OpenOffice.org 3.4.1.lnk
ShortcutTarget: OpenOffice.org 3.4.1.lnk -> C:\Program Files (x86)\OpenOffice.org 3\program\quickstart.exe ()

==================== Services (Whitelisted) =================

S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-09-20] (Adobe Systems)
S2 AntiVirSchedulerService; C:\Program Files (x86)\Avira\AntiVir Desktop\sched.exe [440376 2013-12-18] (Avira Operations GmbH & Co. KG)
S2 AntiVirService; C:\Program Files (x86)\Avira\AntiVir Desktop\avguard.exe [440376 2013-11-19] (Avira Operations GmbH & Co. KG)
S2 AVM WLAN Connection Service; C:\Program Files (x86)\avmwlanstick\WlanNetService.exe [376832 2010-10-22] (AVM Berlin)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [393032 2013-06-10] (BlueStack Systems, Inc.)
S2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384840 2013-06-10] (BlueStack Systems, Inc.)
S2 IBUpdaterService; C:\Windows\system32\dmwu.exe [1833776 2013-12-29] ()
S2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128280 2012-02-21] ()
S2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [133632 2012-02-09] ()
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [161560 2012-02-21] (Intel Corporation)

==================== Drivers (Whitelisted) ====================

S0 asahci64; C:\Windows\System32\DRIVERS\asahci64.sys [49760 2011-09-21] (Asmedia Technology)
S2 atksgt; C:\Windows\System32\DRIVERS\atksgt.sys [314016 2013-04-05] ()
S2 avgntflt; C:\Windows\System32\DRIVERS\avgntflt.sys [108440 2013-12-18] (Avira Operations GmbH & Co. KG)
S1 avipbb; C:\Windows\System32\DRIVERS\avipbb.sys [131576 2013-12-18] (Avira Operations GmbH & Co. KG)
S1 avkmgr; C:\Windows\System32\DRIVERS\avkmgr.sys [28600 2013-11-19] (Avira Operations GmbH & Co. KG)
S3 avmeject; C:\Windows\System32\drivers\avmeject.sys [14120 2010-10-22] (AVM Berlin)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [70984 2013-06-10] (BlueStack Systems)
S3 FWLANUSB; C:\Windows\System32\DRIVERS\fwlanusb.sys [460800 2010-10-22] (AVM GmbH)
S3 fwlanusb4; C:\Windows\System32\DRIVERS\fwlanusb4.sys [1293824 2010-10-04] (AVM GmbH)
S3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [25536 2012-02-09] ()
S3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [25536 2012-02-09] ()
S3 ISCT; C:\Windows\System32\DRIVERS\ISCTD64.sys [44992 2012-02-09] ()
S2 lirsgt; C:\Windows\System32\DRIVERS\lirsgt.sys [43680 2013-04-05] ()
S3 RimUsb; C:\Windows\System32\Drivers\RimUsb_AMD64.sys [28416 2008-04-16] (Research In Motion Limited)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2014-01-17] ()
S3 ALSysIO; \??\C:\Users\Reinicke\AppData\Local\Temp\ALSysIO64.sys [x]

==================== NetSvcs (Whitelisted) ===================


==================== One Month Created Files and Folders ========

2014-01-17 14:36 - 2014-01-17 14:36 - 00000000 ____D C:\FRST
2014-01-17 11:47 - 2014-01-17 11:47 - 00094656 _____ (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2014-01-16 11:15 - 2014-01-16 11:15 - 07115203 _____ C:\Users\Reinicke\Downloads\1219090(1).zip
2014-01-16 11:15 - 2014-01-16 11:15 - 05412422 _____ C:\Users\Reinicke\Downloads\1180690.zip
2014-01-16 11:05 - 2014-01-16 11:06 - 10678963 _____ C:\Users\Reinicke\Downloads\1223481(1).zip
2014-01-16 11:05 - 2014-01-16 11:06 - 08484100 _____ C:\Users\Reinicke\Downloads\1217103(1).zip
2014-01-16 11:05 - 2014-01-16 11:05 - 07009213 _____ C:\Users\Reinicke\Downloads\1216206(1).zip
2014-01-16 11:05 - 2014-01-16 11:05 - 06358058 _____ C:\Users\Reinicke\Downloads\1215805(1).zip
2014-01-15 09:57 - 2013-11-27 02:41 - 00343040 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbhub.sys
2014-01-15 09:57 - 2013-11-27 02:41 - 00325120 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbport.sys
2014-01-15 09:57 - 2013-11-27 02:41 - 00099840 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbccgp.sys
2014-01-15 09:57 - 2013-11-27 02:41 - 00053248 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbehci.sys
2014-01-15 09:57 - 2013-11-27 02:41 - 00030720 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbuhci.sys
2014-01-15 09:57 - 2013-11-27 02:41 - 00025600 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbohci.sys
2014-01-15 09:57 - 2013-11-27 02:41 - 00007808 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\usbd.sys
2014-01-15 09:57 - 2013-11-26 12:40 - 00376768 _____ (Microsoft Corporation) C:\Windows\System32\Drivers\netio.sys
2014-01-15 09:57 - 2013-11-26 11:32 - 03156480 _____ (Microsoft Corporation) C:\Windows\System32\win32k.sys
2014-01-10 19:21 - 2014-01-10 19:26 - 263583224 _____ (Graphisoft SE) C:\Users\Reinicke\Downloads\AC17-5005-HOTFIX4-WIN64.exe
2014-01-10 19:09 - 2014-01-10 19:09 - 00001276 _____ C:\Users\Public\Desktop\BIMx für ArchiCAD 17.lnk
2014-01-10 19:09 - 2014-01-10 19:09 - 00001101 _____ C:\Users\Public\Desktop\ArchiCAD 17.lnk
2014-01-10 19:07 - 2014-01-11 10:04 - 00000000 ____D C:\Program Files (x86)\ArchiCAD17
2014-01-10 18:48 - 2014-01-10 19:04 - 889819512 _____ (Graphisoft SE) C:\Users\Reinicke\Downloads\AC17-GER64(2).exe
2014-01-05 10:12 - 2014-01-05 10:12 - 00002320 _____ C:\Users\Public\Desktop\FINAL FANTASY XIV - A Realm Reborn.lnk
2014-01-05 10:11 - 2014-01-05 10:11 - 00000000 ____D C:\Users\Reinicke\Documents\My Games
2014-01-05 10:09 - 2014-01-05 10:10 - 111970304 _____ (SQUARE ENIX CO., LTD.) C:\Users\Reinicke\Downloads\ffxivsetup.exe
2014-01-04 10:19 - 2014-01-04 10:19 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2014-01-04 10:19 - 2014-01-04 10:19 - 00000000 ____D C:\Windows\System32\ljkb
2013-12-20 22:28 - 2013-12-20 22:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== One Month Modified Files and Folders =======

2014-01-17 14:39 - 2013-02-08 18:51 - 01998361 _____ C:\Windows\WindowsUpdate.log
2014-01-17 14:36 - 2014-01-17 14:36 - 00000000 ____D C:\FRST
2014-01-17 14:35 - 2011-04-12 08:43 - 00696620 _____ C:\Windows\System32\perfh007.dat
2014-01-17 14:35 - 2011-04-12 08:43 - 00147916 _____ C:\Windows\System32\perfc007.dat
2014-01-17 14:35 - 2009-07-14 06:13 - 01612484 _____ C:\Windows\System32\PerfStringBackup.INI
2014-01-17 14:28 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2014-01-17 14:28 - 2009-07-14 05:45 - 00021856 ____H C:\Windows\System32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2014-01-17 14:13 - 2013-11-24 22:03 - 00001114 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2014-01-17 14:00 - 2013-02-12 17:11 - 00000000 ____D C:\Users\Reinicke\AppData\Local\Deployment
2014-01-17 13:46 - 2013-02-11 19:31 - 00000884 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2014-01-17 11:47 - 2014-01-17 11:47 - 00094656 _____ (CACE Technologies) C:\Windows\System32\WPRO_41_2001woem.tmp
2014-01-17 11:47 - 2013-07-11 08:38 - 00034752 _____ C:\Windows\System32\Drivers\WPRO_41_2001.sys
2014-01-17 11:46 - 2013-11-24 22:03 - 00001110 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2014-01-17 11:46 - 2013-02-07 19:13 - 00000000 ____D C:\ProgramData\NVIDIA
2014-01-17 11:46 - 2013-02-07 18:59 - 00000828 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon.job
2014-01-17 11:46 - 2010-11-21 04:47 - 00397262 _____ C:\Windows\PFRO.log
2014-01-17 11:46 - 2009-07-14 06:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2014-01-17 11:46 - 2009-07-14 05:51 - 00075191 _____ C:\Windows\setupact.log
2014-01-16 16:16 - 2013-02-07 18:59 - 00000830 _____ C:\Windows\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d.job
2014-01-16 11:15 - 2014-01-16 11:15 - 07115203 _____ C:\Users\Reinicke\Downloads\1219090(1).zip
2014-01-16 11:15 - 2014-01-16 11:15 - 05412422 _____ C:\Users\Reinicke\Downloads\1180690.zip
2014-01-16 11:06 - 2014-01-16 11:05 - 10678963 _____ C:\Users\Reinicke\Downloads\1223481(1).zip
2014-01-16 11:06 - 2014-01-16 11:05 - 08484100 _____ C:\Users\Reinicke\Downloads\1217103(1).zip
2014-01-16 11:05 - 2014-01-16 11:05 - 07009213 _____ C:\Users\Reinicke\Downloads\1216206(1).zip
2014-01-16 11:05 - 2014-01-16 11:05 - 06358058 _____ C:\Users\Reinicke\Downloads\1215805(1).zip
2014-01-15 18:13 - 2009-07-14 05:45 - 00294880 _____ C:\Windows\System32\FNTCACHE.DAT
2014-01-15 13:13 - 2013-08-14 10:37 - 00000000 ____D C:\Windows\System32\MRT
2014-01-15 13:12 - 2013-02-14 05:37 - 86054176 _____ (Microsoft Corporation) C:\Windows\System32\MRT.exe
2014-01-15 12:33 - 2013-03-22 00:21 - 00000000 ____D C:\Users\Reinicke\AppData\Local\CrashDumps
2014-01-15 10:35 - 2013-09-23 20:55 - 00000000 ____D C:\Users\Reinicke\Documents\BIMx
2014-01-15 10:35 - 2013-09-23 20:54 - 00000000 ____D C:\Users\Reinicke\Graphisoft
2014-01-11 10:04 - 2014-01-10 19:07 - 00000000 ____D C:\Program Files (x86)\ArchiCAD17
2014-01-10 19:27 - 2013-09-23 20:49 - 00007435 _____ C:\Windows\vpd.properties
2014-01-10 19:26 - 2014-01-10 19:21 - 263583224 _____ (Graphisoft SE) C:\Users\Reinicke\Downloads\AC17-5005-HOTFIX4-WIN64.exe
2014-01-10 19:26 - 2013-09-23 20:44 - 00000000 ____D C:\Users\Reinicke\AppData\Roaming\Install.GS
2014-01-10 19:21 - 2013-09-23 20:54 - 00000000 ____D C:\Users\Reinicke\AppData\Roaming\Graphisoft
2014-01-10 19:09 - 2014-01-10 19:09 - 00001276 _____ C:\Users\Public\Desktop\BIMx für ArchiCAD 17.lnk
2014-01-10 19:09 - 2014-01-10 19:09 - 00001101 _____ C:\Users\Public\Desktop\ArchiCAD 17.lnk
2014-01-10 19:09 - 2013-09-23 20:44 - 00000000 ____D C:\Program Files (x86)\ArchiCAD
2014-01-10 19:04 - 2014-01-10 18:48 - 889819512 _____ (Graphisoft SE) C:\Users\Reinicke\Downloads\AC17-GER64(2).exe
2014-01-05 18:21 - 2013-02-12 16:21 - 00000000 ____D C:\Users\Reinicke\AppData\Roaming\TS3Client
2014-01-05 10:12 - 2014-01-05 10:12 - 00002320 _____ C:\Users\Public\Desktop\FINAL FANTASY XIV - A Realm Reborn.lnk
2014-01-05 10:12 - 2013-02-11 19:20 - 00000000 ____D C:\Spiele
2014-01-05 10:12 - 2013-02-07 18:56 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2014-01-05 10:11 - 2014-01-05 10:11 - 00000000 ____D C:\Users\Reinicke\Documents\My Games
2014-01-05 10:10 - 2014-01-05 10:09 - 111970304 _____ (SQUARE ENIX CO., LTD.) C:\Users\Reinicke\Downloads\ffxivsetup.exe
2014-01-04 10:19 - 2014-01-04 10:19 - 00000000 ____D C:\Windows\SysWOW64\jmdp
2014-01-04 10:19 - 2014-01-04 10:19 - 00000000 ____D C:\Windows\System32\ljkb
2014-01-04 10:19 - 2013-05-09 11:35 - 00000000 ____D C:\Windows\SysWOW64\WNLT
2014-01-04 10:19 - 2013-05-09 11:35 - 00000000 ____D C:\Windows\SysWOW64\ARFC
2014-01-03 10:17 - 2009-07-14 06:09 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2013-12-29 11:12 - 2013-05-09 11:35 - 01833776 _____ C:\Windows\System32\dmwu.exe
2013-12-29 11:08 - 2013-05-09 11:35 - 00033792 _____ (IncrediMail, Ltd.) C:\Windows\System32\ImHttpComm.dll
2013-12-27 22:48 - 2013-02-11 19:36 - 00000000 ____D C:\Users\Reinicke\Documents\Musik
2013-12-26 18:04 - 2009-07-14 04:20 - 00000000 ____D C:\Windows\rescache
2013-12-25 09:03 - 2011-06-11 01:15 - 00829264 _____ (Microsoft Corporation) C:\Windows\System32\msvcr100.dll
2013-12-25 09:03 - 2011-06-11 01:15 - 00608080 _____ (Microsoft Corporation) C:\Windows\System32\msvcp100.dll
2013-12-21 21:46 - 2013-02-11 19:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2013-12-20 22:28 - 2013-12-20 22:28 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2013-12-18 19:32 - 2013-05-07 09:14 - 00084720 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avnetflt.sys
2013-12-18 19:32 - 2013-03-28 19:30 - 00131576 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avipbb.sys
2013-12-18 19:32 - 2013-03-28 19:30 - 00108440 _____ (Avira Operations GmbH & Co. KG) C:\Windows\System32\Drivers\avgntflt.sys

Some content of TEMP:
====================
C:\Users\Reinicke\AppData\Local\Temp\7z920.exe
C:\Users\Reinicke\AppData\Local\Temp\appshat-distribution.exe
C:\Users\Reinicke\AppData\Local\Temp\AskSLib.dll
C:\Users\Reinicke\AppData\Local\Temp\avgnt.exe
C:\Users\Reinicke\AppData\Local\Temp\bi_cleaner.exe
C:\Users\Reinicke\AppData\Local\Temp\bundlesweetimsetup.exe
C:\Users\Reinicke\AppData\Local\Temp\FLVPlayerSetup.exe
C:\Users\Reinicke\AppData\Local\Temp\GenericUninstall.exe
C:\Users\Reinicke\AppData\Local\Temp\Gw2.exe
C:\Users\Reinicke\AppData\Local\Temp\ICReinstall_UltimateCodec.exe
C:\Users\Reinicke\AppData\Local\Temp\installerdll4564885.dll
C:\Users\Reinicke\AppData\Local\Temp\installerdll4570111.dll
C:\Users\Reinicke\AppData\Local\Temp\install_reader11_de_mssd_aih.exe
C:\Users\Reinicke\AppData\Local\Temp\jre-7u45-windows-i586-iftw.exe
C:\Users\Reinicke\AppData\Local\Temp\mgsqlite3.dll
C:\Users\Reinicke\AppData\Local\Temp\rootsupd.exe
C:\Users\Reinicke\AppData\Local\Temp\run.exe
C:\Users\Reinicke\AppData\Local\Temp\Setup.exe
C:\Users\Reinicke\AppData\Local\Temp\ubi582E.tmp.exe
C:\Users\Reinicke\AppData\Local\Temp\uninstaller.exe
C:\Users\Reinicke\AppData\Local\Temp\UpdateCheckerSetup.exe
C:\Users\Reinicke\AppData\Local\Temp\vcredist_x64.exe
C:\Users\Reinicke\AppData\Local\Temp\vcredist_x86.exe
C:\Users\Reinicke\AppData\Local\Temp\WindowsInstaller-KB893803-v2-x86.exe
C:\Users\Reinicke\AppData\Local\Temp\WSSetup.exe

==================== Known DLLs (Whitelisted) ================


==================== Bamital & volsnap Check =================

C:\Windows\System32\winlogon.exe => MD5 is legit
C:\Windows\System32\wininit.exe => MD5 is legit
C:\Windows\SysWOW64\wininit.exe => MD5 is legit
C:\Windows\explorer.exe => MD5 is legit
C:\Windows\SysWOW64\explorer.exe => MD5 is legit
C:\Windows\System32\svchost.exe => MD5 is legit
C:\Windows\SysWOW64\svchost.exe => MD5 is legit
C:\Windows\System32\services.exe => MD5 is legit
C:\Windows\System32\User32.dll => MD5 is legit
C:\Windows\SysWOW64\User32.dll => MD5 is legit
C:\Windows\System32\userinit.exe => MD5 is legit
C:\Windows\SysWOW64\userinit.exe => MD5 is legit
C:\Windows\System32\rpcss.dll => MD5 is legit
C:\Windows\System32\Drivers\volsnap.sys => MD5 is legit

==================== EXE ASSOCIATION =====================

HKLM\...\.exe: exefile => OK
HKLM\...\exefile\DefaultIcon: %1 => OK
HKLM\...\exefile\open\command: "%1" %* => OK

==================== Restore Points =========================

Restore point made on: 2014-01-07 21:31:27
Restore point made on: 2014-01-15 09:58:00
Restore point made on: 2014-01-15 13:12:37
Restore point made on: 2014-01-17 14:05:01
Restore point made on: 2014-01-17 14:38:06

==================== Memory info ===========================

Percentage of memory in use: 9%
Total physical RAM: 8076.88 MB
Available physical RAM: 7271.33 MB
Total Pagefile: 8075.08 MB
Available Pagefile: 7269.87 MB
Total Virtual: 8192 MB
Available Virtual: 8191.87 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:931.41 GB) (Free:694.05 GB) NTFS
Drive e: (Sims3EP10) (CDROM) (Total:4.37 GB) (Free:0 GB) UDF
Drive f: (FH DORTMUND) (Removable) (Total:3.8 GB) (Free:3.41 GB) FAT32
Drive x: (Boot) (Fixed) (Total:0.03 GB) (Free:0.03 GB) NTFS
Drive y: (System-reserviert) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[System with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 932 GB) (Disk ID: 526C69FD)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931 GB) - (Type=07 NTFS)

========================================================
Disk: 1 (Size: 4 GB) (Disk ID: 00000000)
Partition 1: (Not Active) - (Size=4 GB) - (Type=0C)

LastRegBack: 2014-01-15 10:14

==================== End Of Log ============================
```